- breadcrumb_title _('Two-Factor Authentication')
- page_title _('Two-Factor Authentication'), _('Account')
- add_to_breadcrumbs _('Account'), profile_account_path

.js-two-factor-auth{ 'data-two-factor-skippable' => "#{two_factor_skippable?}", 'data-two_factor_skip_url' => skip_profile_two_factor_auth_path }
  .row.gl-mt-3
    .col-lg-4
      %h4.gl-mt-0
        = _('Register a one-time password authenticator')
      %p
        = _('Use a one-time password authenticator on your mobile device or computer to enable two-factor authentication (2FA).')
    .col-lg-8
      - if current_user.two_factor_otp_enabled?
        %p
          = _("You've already enabled two-factor authentication using one time password authenticators. In order to register a different device, you must first disable two-factor authentication.")
      - else
        %p
          - register_2fa_token = _('We recommend using cloud-based authenticator applications that can restore access if you lose your hardware device.')
          = register_2fa_token.html_safe
          = link_to _('What are some examples?'), help_page_path('user/profile/account/two_factor_authentication', anchor: 'enable-one-time-password'), target: '_blank', rel: 'noopener noreferrer'
        .row.gl-mb-3
          .col-md-4.gl-min-w-fit-content
            .gl-p-2.gl-mb-3{ style: 'background: #fff' }
              = raw @qr_code
          .col-md-8
            = render Pajamas::CardComponent.new do |c|
              - c.with_body do
                %p.gl-mt-0.gl-mb-3.gl-font-weight-bold
                  = _("Can't scan the code?")
                %p.gl-mt-0.gl-mb-3
                  = _('To add the entry manually, provide the following details to the application on your phone.')
                %p.gl-mt-0.gl-mb-0
                  = _('Account: %{account}') % { account: @account_string }
                %p.gl-mt-0.gl-mb-0{ data: { qa_selector: 'otp_secret_content' } }
                  = _('Key:')
                  %code.two-factor-secret= current_user.otp_secret.scan(/.{4}/).join(' ')
                %p.gl-mb-0.two-factor-new-manual-content
                  = _('Time based: Yes')
        = form_tag profile_two_factor_auth_path, method: :post do |f|
          - if @error
            = render Pajamas::AlertComponent.new(title: @error[:message],
              variant: :danger,
              alert_options: { class: 'gl-mb-3' },
              dismissible: false) do |c|
              - c.with_body do
                = link_to _('Try the troubleshooting steps here.'), help_page_path('user/profile/account/two_factor_authentication.md', anchor: 'troubleshooting'), target: '_blank', rel: 'noopener noreferrer'

          - if current_password_required?
            .form-group
              = label_tag :current_password, _('Current password'), class: 'label-bold'
              = password_field_tag :current_password, nil, autocomplete: 'current-password', required: true, class: 'form-control gl-form-input', data: { qa_selector: 'current_password_field' }
              %p.form-text.text-muted
                = _('Your current password is required to register a two-factor authenticator app.')
          .form-group
            = label_tag :pin_code, _('Enter verification code'), class: "label-bold"
            = text_field_tag :pin_code, nil, autocomplete: 'off', inputmode: 'numeric', class: "form-control gl-form-input", required: true, data: { qa_selector: 'pin_code_field' }
          .gl-mt-3
            = render Pajamas::ButtonComponent.new(type: :submit, variant: :confirm, button_options: { data: { qa_selector: 'register_2fa_app_button' } }) do
              = _('Register with two-factor app')

  %hr

  .row.gl-mt-3
    .col-lg-4
      %h4.gl-mt-0
        = _('Register a WebAuthn device')
      %p
        = _('Set up a hardware device to enable two-factor authentication (2FA).')
      %p
        - if Feature.enabled?(:webauthn_without_totp)
          = _("Not all browsers support WebAuthn. You must save your recovery codes after you first register a two-factor authenticator to be able to sign in, even from an unsupported browser.")
        - else
          = _("Not all browsers support WebAuthn. Therefore, we require that you set up a two-factor authentication app first. That way you'll always be able to sign in, even from an unsupported browser.")
    .col-lg-8
      - if @webauthn_registration.errors.present?
        = form_errors(@webauthn_registration)
      = render "authentication/register", target_path: create_webauthn_profile_two_factor_auth_path

      %hr

      %h5
        = _('WebAuthn Devices (%{length})') % { length: @registrations.length }

      - if @registrations.present?
        .table-responsive
          %table.table
            %colgroup
              %col{ width: "50%" }
              %col{ width: "30%" }
              %col{ width: "20%" }
            %thead
              %tr
                %th= _('Name')
                %th= s_('2FADevice|Registered On')
                %th
            %tbody
              - @registrations.each do |registration|
                %tr
                  %td
                    - if registration[:name].present?
                      = registration[:name]
                    - else
                      %span.gl-text-gray-500
                        = _("no name set")
                  %td= registration[:created_at].to_date.to_fs(:medium)
                  %td
                    = render Pajamas::ButtonComponent.new(variant: :danger,
                      href: registration[:delete_path],
                      method: :delete,
                      button_options: { class: 'float-right', data: { confirm: _('Are you sure you want to delete this device? This action cannot be undone.'), confirm_btn_variant: "danger" }, aria: { label: _('Delete') }}) do
                      = _('Delete')

      - else
        .settings-message.text-center
          = _("You don't have any WebAuthn devices registered yet.")

  %hr

  .row.gl-mt-3
    .col-lg-4
      %h4.gl-mt-0
        = _('Disable two-factor authentication')
      %p
        = _('Use this section to disable your one-time password authenticator and WebAuthn devices. You can also generate new recovery codes.')
    .col-lg-8
      - if current_user.two_factor_enabled?
        %p
          = _('If you lose your recovery codes you can generate new ones, invalidating all previous codes.')
        - if @error
          = render Pajamas::AlertComponent.new(title: @error[:message],
            variant: :danger,
            alert_options: { class: 'gl-mb-3' },
            dismissible: false) do |c|
            - c.with_body do
              = link_to _('Try the troubleshooting steps here.'), help_page_path('user/profile/account/two_factor_authentication.md', anchor: 'troubleshooting'), target: '_blank', rel: 'noopener noreferrer'
        .js-manage-two-factor-form{ data: { current_password_required: current_password_required?.to_s, profile_two_factor_auth_path: profile_two_factor_auth_path, profile_two_factor_auth_method: 'delete', codes_profile_two_factor_auth_path: codes_profile_two_factor_auth_path, codes_profile_two_factor_auth_method: 'post' } }
      - else
        %p
          = _("Register a one-time password authenticator or a WebAuthn device first.")
